Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
A Huge Security Hole in AT&T DirecTV Gives Hackers an Easy Route to Spy on Your Home
If you’re one of the millions of people who’ve signed up to AT&T’s DirecTV service, there may be an easy way for hackers to get into your home and spy on you. That’s because of a vulnerability that’s yet to be fixed in a core part of the Genie digital video recorder system that’s shipped free of charge with DirecTV.
New Spider Ransomware Threatens to Delete Your Files If You Don’t Pay within 96 Hours
A new form of ransomware, dubbed the Spider Virus, has emerged and is being distributed through malicious Office documents, infecting victims with file-encrypting malware. The hackers demand that victims make a bitcoin payment for “the right key” in order to get their files back.
Facebook, PayPal and Other Prominent Sites Affected by the “the ROBOT Attack”
Researchers have found that a cryptographic flaw in the implementation of the RSA algorithm, discovered by Daniel Bleichenbacher, can still be exploited today. An updated version of this attack has now been dubbed ROBOT, short for Return of Bleichenbacher’s Oracle Threat.
Starbucks Cafe’s Wi-Fi Made Computers Mine Cryptocurrency
Wi-Fi service provided by one of the coffee chain’s outlets surreptitiously hijacked connected computers to use their processing power to create digital cash. Starbucks said that it had taken “swift action” to address the problem. However, it is not clear how long the malware involved was active.
MoneyTaker Cybercriminal Group Steals $10 Million from Financial Institutions
Security researchers shed light on the cybercriminal group MoneyTaker, which was reported to have perpetrated cyberattacks against financial organizations in the U.S. and Russia. The group reportedly stole as much as $10 million from at least 20 card payment and inter-bank transfer systems.
Three U.S. Men Plead Guilty to Crimes Tied to 2016 Botnet Attacks
A former Rutgers University student and two other men pleaded guilty to computer crimes related to the creation, sale and use of the Mirai botnet, a network of infected electronics equipment used to knock major websites offline in massive 2016 cyberattacks.
Researchers Untangle Patchwork Cyberespionage Attacks
Trend Micro researchers trailed the activities of the Patchwork cybergang over the course of its campaigns in 2017 and though the group may not be as innovative as other cybergangs, the its repertoire of infection vectors and payloads makes them a credible threat.
Be Aware of the Top Threats Going into 2018
While we all enjoy a good song about a partridge in a pear tree, Trend Micro has updated this seasonal standby, counting down the top threats to be aware of heading into the New Year, from least to most pressing. Let’s look at the vulnerabilities and potential points of attack to take into account for 2018.
IT Security Team Staffing Shortages Persist into 2018
As cybercriminals continue to leverage increasingly innovative and damaging attack strategies, supporting an enterprise with proper security resources and personnel is critical. However, the cybersecurity industry has experienced a shortage of talent for years now, and this problem will persist.
Apply Lean to Information Risk Management
Lean Manufacturing brings significant benefits to industry, including cost reduction, quality improvement, reduced cycle time, and greater customer satisfaction. Can Information Technology organizations apply Lean to cybersecurity? Trend Micro’s Bill Malik weighs in with his thoughts on this.
Protect Your Children with Parental Controls
Many of the things we take for granted in our daily online lives may not be as obvious to our children. To help reduce children’s exposure to online threats, Trend Micro incorporated Parental Controls into Trend Micro Security, along with its core Security and Privacy protections.
Please add your thoughts in the comments below or follow me on Twitter; @JonLClay.